Why business faces a reckoning on data privacy

Facebook CEO Mark Zuckerberg Getty Images It's been a big month for Big Data ­and as a result next year promises to be an even bigger one for privacy.

After years of negotiations, European Union officials this month unveiled the Data Protection Reform, a uniform legal regime for data collection and sharing that will replace the various data privacy laws of its individual member countries by 2018.

The imminent passage into law of this massive new digital "rulebook" once they have digested the 200+ pages, the final text is expected to be formally adopted by the European Parliament and Council early next year - was barely reported in Australia.

But you can bet Mark Zuckerberg and Jeff Bezos are sitting up and taking notice, as will the executives of any global company that sells a significant chunk of its goods or services online.

That's because the jurisdiction of the EU's new laws will be digital, rather than physical. Any company, regardless of where it may be physically based, seeking to sell goods or services online to EU citizens, or to collect their data for social media activity, will be affected.

Fundamental to the Data Protection Reform is a commitment to giving ordinary citizens more control over how their personal information is used by companies.

The new rules set tough controls over how companies may collect personal data from customers using their sites. "Silence, pre-ticked boxes or inactivity" won't count, according to the draft rules.

Instead, consent must be "freely given, specific, informed and unambiguous".

Individuals will also have an expanded "right to be forgotten". Should they decide they want their data records deleted from a particular site, that company or operate will be obliged to destroy them.

Potentially, the EU will also lift the digital age of consent from 13 to 16 years old (although individual member countries are likely to be given some leeway on this rule). Any digital operator, including the social media giants, will be obliged to gain parental consent before interacting with children under 16.

The threatened fines for non-compliance with any of these new guidelines are as high as 2% of a company's global annual turnover.

Ouch.

For its part, the EU says it has the interests of average people in mind. And it has the statistics to prove it.

Australians are concerned, too

In June, the EU published an extensive "Eurobarometer" survey that found 80 per cent of EU citizens felt they did not have complete control of the personal information they gave online, with 67 per cent concerned about this lack of privacy and security.

Interestingly, a Crosby|Textor poll conducted around the same time showed very similar results for Australians, with a substantial majority (62%) totally opposed to the collection of personal data by companies.

Only member organisations like roadside assistance services, and Government departments and agencies, enjoyed majority public support to collect personal data, and then only marginally.

Significantly, Australians are most suspicious of some of the most commonly used and popular Internet players: 76 per cent oppose the collection of their data by services like Facebook and Google. But retail giants like Coles and Woolworths are not far behind, with 67 per cent saying they were opposed.

So clearly online privacy is a big deal ­and one that is likely to get bigger as more companies invest in "data mining": collecting and analysing the personal information of consumers and clients primarily to find new ways to generate profit, but also for sale to third parties. Any large retailer with a loyalty program and a large customer base now possesses a lucrative library of information that can be on-sold, for example, to manufacturers wanting to tailor their products to consumer trends and changing behaviours.

Too often, the question of how to protect privacy online is presented as a binary choice for governments and responsible companies. That is, that there should either be absolutely no personal data collection and storage allowed, or it should be open slather in the digital marketplace.

But what if there was a middle ground?

It's worth considering, not least because what people think and how they act are so often two very different things.

According to Facebook, nine million Australians use the site every day. And according to the Australian Bureau of Statistics, more than three-quarters of Australia's 15.4 million Internet users have bought or ordered something online.

Alex Wong/Getty Images So, while we may sometimes fret about what happens once we share our data, these gnawing doubts are often trumped by our desire for social networking and that bargain pair of Jimmy Choos from Net-a-Porter.

Humans are contradictory ­and in this case, we want to have our status updates and keep our privacy too.

And if sharing information means more personalised and relevant service a digital shopping concierge, for example, that combines geolocation data with previous shopping history to recommend great bargains nearby when you are visiting a particular neighbourhood ­some will be prepared to tolerate the intrusion.

Indeed, more than half of respondents to our Crosby|Textor poll said they would support some collection of personal data if companies could show how their customers benefited. But be warned: scepticism runs high about how those benefits should be demonstrated. Broad statements about big data helping companies plan for the future or improve customer service generally just don't cut it; worse, they risk irritating an already sensitised audience.

Trust is becoming an increasingly valuable asset. In its 2013 Global Consumer Sentiment Survey, the Boston Consulting Group found respondents were up to five times more willing to share their personal information if they trusted the companies involved to only use it for certain purposes.

Another solution is to simply ask individuals to put their own price on their information. Rather than regulate to protect everyone, based on the demonstrably fallacious assumption that none of us want to share our details, why not offer those who are prepared to divulge their information to profit from it?

The problem right now is the data mining landscape is a bit like gold rush days. Plenty of folks running around with the scent of treasure in their nostrils, but not quite sure how to dig it up ­particularly as data miners use computers and analytics rather than picks and shovels.

It's hard to set a price for the goldfield in total. But unlike the olden days, each of us already has a personal nugget in our pockets. And it should be up to us to decide what we do with it ­including if we want to sell it.